exploitDog

CVE-2021-3025

Опубликовано: 08 янв. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php).

Ссылки

http://packetstormsecurity.com/files/160830/IPS-Community-Suite-4.5.4-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://invisioncommunity.com/release-notes/
Release Notes
Vendor Advisory
http://packetstormsecurity.com/files/160830/IPS-Community-Suite-4.5.4-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://invisioncommunity.com/release-notes/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:invisioncommunity:ips_community_suite:*:*:*:*:*:*:*:*

Версия до 4.5.4.2 (исключая)

EPSS

Процентиль: 65%

0.00482

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-fgc3-w3gg-xj3f

github

больше 3 лет назад

Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php).

EPSS

Процентиль: 65%

0.00482

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89